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WHAT IS CLAIMED IS: 

A scalable or- 
'itei^s^ (VBI) comprising: 

a client system for interfacing with one or more users; and 
a scalable server system capable of communicating with the 
client system over a communication network comprising: 

a database renote from the users including information 



about the users; 

a stateless c 
one or more users; and 

a plurality c 



::yptographic module for authenticating the 



users, wherein each s 
processed in the servet 



2. The system 
transaction data is re 



f security device transaction data stored 
in the database for ensuring authenticity of the one or more 

ecurity device transaction data can be 
system in a stateless manner. 



4 . The system 
transaction data relat 
database . 



f claim 1, wherein each security device 
.ated to a user. 

f claim 2, wherein the security device 



user is loaded into the 



3. The system 
transaction data relkted to 

cryptographic module whjen the user requests to operate on a value 
bearing item. 



f claim 3, wherein the security device 
d to a user is updated and returned to the 



5. The system qf claim 1, further comprising at least one 



more stateless crypto 
module is capable of p 



device transaction data 



[raphic module, wherein each cryptographic 
rocessing any of the plurality of security 
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6. The system of claim 5, wherein a use 
authenticated using any of the cryptographic module^ 



can be 



7. The system of claim 5, further comofising computer 
executable code for load-balancing to route us^r requests to the 
at least one more cryptographic module. 



10 8. The system of claim 5, further comprising computer 

executable code for load-balancing to /distribute traffic among 
the multiple cryptographic modules 

9. The system of claim 1, wherein the cryptographic module 
ry 15 is capable of authenticating an/ of the one or more users 



in 




H 20 



10- The system of cl^im 1, wherein the database is 
partitioned across a plural/ty of physical databases. 

11. The system of c/aim 1, wherein the cryptographic module 
performs cryptographic ^function on a transaction related to the 
database . 



12. The system of claim 1, further comprising computer 
25 executable code / for password authentication to prevent 

unauthorized access to the database. 

13. The/system of claim 1, wherein the database stores a 
first set of one or more last database transactions and the 

30 cryptographcic module stores a second set of one or more last 
database ^transactions for comparison with the first set of one 
or more/last database transactions stored in the database to 
verify/each database transaction. 
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14. The system of claim 13, wherein the cryptographic 
module prevents further database transactions if the second set 

5 of one or more last transaction stored in the cryptographic 
module does not compare with the first set of one pr more last 
transaction stored in the database, 

15. The system of claim 1, wherein the cryptographic module 
10 includes a data validation subsystem for allowing the module to 

verify that data is up to date and an auto-refcovery subsystem for 
automatically re-synchronize the module vyith the data. 

16. The system of claim 1, whereiri the cryptographic module 
15 includes a computer executable code /or preventing unauthorized 

modification of data. 



20 



17. The system of claim 1, /^herein the cryptographic module 
includes a computer executable code for ensuring the proper 
operation of cryptographic/ security and VBI related meter 
functions . 



18. The system of czlaim 1, wherein the cryptographic module 
includes a computer Executable code for supporting multiple 

25 concurrent users. 

19. The system of claim 1, wherein the database includes 
one or more indicium data elements, data for account maintenance, 
and data for revenue protection. 
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20. Tfie system of claim 1, wherein the database includes 
virtual m^ter information. 
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22. The system of claim 1, wherein the value bearing l/tem 
is a mail piece. 

5 

23. The system of claim 22, wherein the postal/indicium 
comprises a digital signature. 

24. The system of claim 1, wherein the cryptographic module 
10 performs cryptographic function on validation information 

according to a user request for printing a VBj 



15 



25. The system of claim 1, wherein the' cryptographic module 
generates data sufficient to print ac postal indicium in 
compliance with postal service regulati/on on a mail piece. 



26. The system of claim 1, wh^ein the value bearing item 
is a ticket. 




27. The system of claim y, wherein a bar code is printed 
on the value bearing item. 



28. The system of cl^im 1, wherein the value bearing item 
is a coupon. 

25 

29. The system o£ claim 1, wherein the value bearing item 
is currency. 

30. The system of claim 1, wherein the value bearing item 
30 is a voucher, 

31. The /System of claim 1, wherein the value bearing item 
is a traveler s check, 
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32. The system of claim 1, wherein each security devicre 
transaction data includes one or more of an ascending register 
value, a descending register value, a respective cryptographic 
module ID, an indicium key certificate serial number, a lioensing 
ZIP code, a key token for an indicium signing key, user /ecrets, 
a key for encrypting user secrets, date and time/ of last 
transaction, last challenge received from a respective client 
subsystem, an operational state of the respective module, 
expiration dates for keys, and a passphrase repetition list. 

33. The system of claim 1, wherein each/ security device 
transaction data includes one or more of a pri/vate key, a public 
key, and a public key certificate, wherein/the private key is 
used to sign module status responses and a VBI which, in 
conjunction with a public key certificate/ demonstrates that the 
module and the VBI are authentic. / 

34. The system of claim 1, wherein the cryptographic module 
is capable of performing one or more of Rivest, Shamir and 
Adleman (RSA) public key encryption, DES, Triple-DES, DSA 
signature, SHA-1, and Pseudo-random number generation algorithms. 

35. The system of clai/m 1, wherein the server system 
further comprises one or mo/e of a postal server subsystem, a 
provider server subsystem, / an e-commerce subsystem, a staging 
subsystem, a client support subsystem, a decision support 
subsystem, a SMTP subsystem, an address matching service 
subsystem, a SSL proxy server subsystem, and a web server 
subsystem. / 

36. The system of claim 1, wherein the database includes 
one or more of a/postal database, a provider database, an e- 
commerce database, and a membership database. 
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37. The system of claim 1, further comprising an address 
matching server for verifying a correct address specified/by a 
user. / 

38. The system of claim 1, further comprising/a printer 
driver database for storing supported printer driver information. 

39. A method for printing value-bearing items (VBI) via a 
communication network including a client syste^n, and a scalable 
server system, the method comprising the steps of: 

interfacing with one or more users via^ the client system; 

communicating with the client system Aver the communication 
network; / 

storing user information in a database accessible through 
the network; / 

authenticating the one or mare users using a scalable 
cryptographic module; and / 

storing in the database a/ plurality of security device 
transaction data for ensuring Authenticity of the one or more 
users, wherein each security device transaction data can be 
processed in the server system in a stateless manner. 

40. The method of alaim 39, wherein each security device 
transaction data is relarbed to a user. 

41. The method yof claim 40, further comprising the step of 
loading the security device transaction data related to a user 
into the cryptographic module when the user requests to operate 
on a value bearing item. 

42. The ^riethod of claim 41, further comprising the steps 
of. updating /nd returning the security device transaction data 
related to A user to the database. 



-47- 



36530/RRT/S850 



43. The method of claim 39, further comprising the step of 
adding at least one more stateless cryptographic module, wherein 
each cryptographic module is capable of processing any/ of the 
plurality of security device transaction data. / 

44. The method of claim 39, further comprising the step of 
authenticating a user using any of the cryptographic modules. 

45. The method of claim 43, further comprising the step of 
load-balancing to route user requests to /che at least one more 
cryptographic module. / 

46. The method of claim 43, further comprising the step of 
loatl-balancing to distribute /raffic among the multiple 
cryptographic modules. / 

47. The method of claim 39, further comprising the step of 
the authenticating any at the one or more users using the 
cryptographic module. / 

48. The systerjpr of claim 1, further comprising the step of 
partitioning the /database across a plurality of physical 
databases. / 

49. The method of claim 39, further comprising the step of 
encrypting da/abase transactions using the cryptographic module. 

50. JThe method of claim 39, further comprising the steps 
of verifying a user password before granting access to the 
database . 
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51. The method of claim 39, further comprising the/steps 



of 



storing one or more last database transaction^ in the 
database; 

storing one or more last database transactions in the 
cryptographic module; and 

comparing the one or more last database transactions stored 
in the database with the one or more last database transactions 
stored in the cryptographic module to ver/fy each database 
transaction. 



52. The method of claim 39, furthey comprising the step of 
encrypting transactions related to yhe database using the 

ryptographic module. 

53. The method of claim 39, /further comprising the steps 
of storing one or more last database transactions in the 
database, storing one or more la&t database transactions in the 
cryptographic module for comparison with the one or more last 
database transactions storey/ in the database to verify each 
database transaction . 



54. The method of oiaim 53, further comprising the step of 
preventing further datat/ase transactions if the one or more last 
transaction stored in the cryptographic module does not compare 
with the one or more Aast transaction stored in the database. 



55. The method of claim 39, further comprising the steps 
of preventing ur/authorized modification of data using the 
cryptographic module. 



56'. The/method of claim 39, further comprising the steps 
of verifying^ that the database is up to date. 
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57. The method of claim 39, further comprising the /steps 
of automatically re-synchronizing the cryptographic mody/Le with 
the database. 

58. The method of claim 39, further comprising the step of 
ensuring the proper operation of cryptographic security and VBI 
related meter functions . 

59. The method of claim 39, further comprising the steps 
of supporting multiple concurrent operatoi/s. 



60. The method of claim 39,furthei/ comprising the steps of: 
storing information about a Plumber of last transactions 
in a respective internal register pf each of the one or more 
cryptographic devices ; 

storing a table including the information about a last 
transaction in the database; 

comparing the information saved in the respective 
device with the respective information saved in the database; and 
loading a new t/ransaction data if the respective 
in the/ d 



information stored 



device compares with the respective 



information stored in the database 



61. The method af claim 39, further comprising the step of 
storing data for creating one or more indicium, account 
maintenance, and r^/enue protection. 

62. The met/hod of claim 39, further comprising the step of 
printing a mail/piece. 



63. The/method of claim 62, wherein the mail piece includes 
a digital signature. 



/ 
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64. The method of claim 62, wherein the mail piece inpdudes 
a postage amount. 

5 

65. The method of claim 62, wherein the mail pieofe includes 
an ascending register of used postage and descending^ register of 
available postage . 

10 66. The method of claim 50, further comprising the step of 

printing a ticket. 



15 




67. The method of claim 39, further ^Comprising the step of 
printing a bar code. 

68. The method of claim 39, further comprising the step of 
printing a coupon. 



69. The method of claim 39, /further comprising the step of 
printing currency . 

70. The method of claiij/ 39, further comprising the step of 
printing a voucher. 



25 71. The method of claim 39, further comprising the step of 

printing a traveler's oneck. 



72. The method/ of claim 39, wherein the security device 
transaction data /includes an ascending register value, a 
30 descending register value, a respective cryptographic device ID, 
an indicium key certificate serial number, a licensing ZIP code, 
a key token for/ an indicium signing key, user secrets, a key for 
encrypting user secrets, date and time of last transaction, last 
challenge received from a respective client subsystem, an 
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operational state of the respective device, expiration dates/ for 
keys, and a passphrase repetition list. 



10 



73. The method of claim 39, further comprising thffe step of 
performing one or more of Rivest, Shamir and Adleman l/RSA) public 
key encryption, DES, Triple-DES, DSA signature,/ SHA-1, and 
Pseudo-random number generation algorithms usir>g each of the 
cryptographic devices . 
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74. The method of claim 39, further ^comprising the step 
keeping track of user accesses to a vex/dor website using a 
website database 

75. The method of claim 39, further comprising the step of 
scoring postal transaction data, financial transaction data, 
customer marketing information, commerce product information, 
meter license information, meter /esets, meter history, and meter 
movement information in an offline database 

76. The method of claiA 39, further comprising the step of 
storing customer information, financial transactions, and 
information for marketing queries in a data warehouse database, 

77. The method qff claim 39, further comprising the steps 
of authorizing and capturing funds from a customer's account and 
transferring the fiends to a vendor's account using an e-commerce 
server . 

78. The /Method of claim 39, further comprising the step of 
verifying a /correct address specif ied using a user using an 
address matching server. 
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